Recently, Alpharetta, Georgia-based Colonial Pipeline, the largest pipeline for refined petroleum products in the United States, had to be shut down due to a multi-pronged cyber-attack. The hackers stole a large amount of data the day before they locked Colonial’s computers with ransomware and demanded payment. Colonial eventually paid the $5M ransom in order to wrest back control of its computer systems and get its pipeline system back up and running.
The trend of cyberattacks on energy assets has continued to grow in the U.S. in recent years. In 2020, an attack brought down a natural gas compressor facility for two days. In 2018, several natural gas pipeline operators had service interruptions because of the hack of a third-party provider whose technology enables electronic communications between the entities.
The continued digitization of operational technology (OT) brings additional complexity to any organization’s enterprise network security. The Colonial Pipeline attack took place on the information technology (IT) side of their network. The decision to shut the pipeline operations down until they determined the extent of the attack was a very prudent one. Recent attacks that have occurred on the OT side of the network, such as with the Verkada camera hack, could possibly enable back-end connectivity into the organization’s IT network. The reverse can also be true, which is why Colonial wisely chose to shut down the OT network until the IT network had been secured.
CIOs and CISOs of large enterprises know that the same cyber protection practices are required on operational networks as are used with information networks. The operations of energy, oil and gas, video surveillance, SCADA, hospital equipment, and even smart buildings and smart cities, all add significant numbers of cyber-attack surfaces and introduce complexities in protecting them. Though digitization enhances network connectivity for efficient operation of the enterprise, significant effort is required to ensure the network is protected from cyber attacks.
A single enterprise security solution to handle all of these potential attack vectors just doesn’t exist. CIOs and CISOs are now looking at their network assets in a hierarchical prioritization of the most critical assets and applying cyber protection technology as appropriate. Whether using VPNs, Zero Trust Network Access, network obfuscation, mis-attribution, cloud access security brokers, in-transit IP address elimination, or the many other frameworks and technologies that exist today, security measures need to be applied to appropriately protect critical resources on both information and operational networks.